
SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Volume XIV - Issue #83

October 16, 2012

What do Harvard and Cornell and Cambridge and Stanford and Princeton
and the University of Tokyo and the University of Maryland all have in
common? It isn't good. At the end of this issue you'll find a partial
listing of victims and a follow-up to Friday's story on the Florida
State breach where personal data on 275,000 students and employees
was taken and many, many are experiencing identity theft now. Colleges
have a tough challenge in security; though they have some of the best
security people and do more with less money than their counterparts
in any other industry, sysadmins in colleges are often just part-time
researchers and fail in their role as "human sensors." A promising
solution is proposed in the "A Closing Word" at the end of this issue.
Alan

- --SANS Security East 2013 New Orleans, LA January 16-23, 2013 11 courses. Bonus evening presentations include The Next Wave - Data Center Consolidation; Top Threats to Cloud for 2013; and Hacking Your Friends and Neighbors for Fun. http://www.sans.org/event/security-east-2013

- --NA SCADA and Process Control Summit 2013 Lake Buena Vista, FL February 6-13, 2013 The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. The Security Summit is an action conference designed so that every attendee leaves with new tools and techniques they can put to work immediately when they return to their office. The Summit is the place to come and interact with top SCADA experts, key government personnel, researchers and asset owners at the multiple special networking events. http://www.sans.org/event/north-american-scada-2013

Plus Bangalore, Johannesburg, Seoul, Tokyo, Barcelona, and Cairo all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
***************************************************************************

TOP OF THE NEWS

US Defense Secretary Says US is Prepared to Take Action (October 11 & 14, 2012)

US Defense Secretary Leon Panetta last week said that a recent campaign of cyberattacks on Middle East oil and gas companies "was probably the most destructive attack that the private sector has seen to date." While Panetta did not say that Iran was involved in those attacks, he did note that Iran is trying to "gain an advantage in cyberspace" and warned those who would consider launching cyberattacks against the US that the US is prepared to take action.
-http://www.eweek.com/security/iranian-cyber-attack-is-most-destructive-to-date-says-defense-secretary/
-http://www.washingtonpost.com/world/national-security/cyberattack-on-mideast-energy-firms-was-biggest-yet-panetta-says/2012/10/11/fe41a114-13db-11e2-bf18-a8a596df4bee_story.html
[Editor's Note (Assante): One must not lose sight of the big picture when considering the consequences of all cyber attacks on our productivity, competitiveness, and national security. The challenge with the emerging attacks referred to by the Secretary of Defense is in the development of doctrines that are flexible enough to apply the right response to manage the death by a thousand cuts while deterring specific attacks that can directly impact economic and national security. Cyber defense is a job too big for any one organization; we all play an important part in safeguarding our information and critical systems.
(McBride): The tone of Panetta's comments appears to support a stance of deterrence. He well might have said "the U.S. is prepared to take offensive or retaliatory action if and when it can positively attribute highly-destructive attacks to another nation-state." On the other hand, the tone of the comments does not build confidence that the U.S. is prepared to defend and restore. That makes his plea to executives of firms that own and operate critical infrastructure all the more imperative. ]

Thieves Steal US $400,000 From Washington Town (October 15, 2012)

Cyberthieves have stolen more than US $400,000 from a Bank of America account belonging to the city of Burlington, Washington. The city is notifying hundreds of employees and city residents that their own bank account information may have been compromised because some employees use the city's electronic payroll deposit program and some city residents participate in an automatic payment system for sewer and storm drain bills. The city administrator says that customers should assume that their names, account numbers, and bank routing numbers have been compromised. The city learned of the theft when an East Coast bank contacted people in Burlington about some suspicious transfers.
-http://www.computerworld.com/s/article/9232372/Cyberthieves_loot_400_000_from_city_bank_account?taxonomyId=82

IC3 Warns of Android Malware (October 15, 2012)

The IC3 has issued an intelligence note, warning people of malware that targets Android mobile devices. The IC3 is a partnership between the FBI and the National White Collar Crime Center; its mission is "to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cybercrime."
-http://news.cnet.com/8301-1009_3-57532937-83/fbi-warns-users-of-malicious-mobile-malware/
-http://www.ic3.gov/media/2012/121012.aspx
[Editor's Note (Murray): This was predictable and predicted. Open systems are fundamentally vulnerable to malicious code attacks. We should not be encouraging their use by amateurs, nor relying upon amateurs for security. ]

A CLOSING WORD

A Closing Word: Security Breached At 53 Major Colleges - A Sensible Path To Avoiding More Embarrassment

Two weeks ago, the New York Times reported that 53 universities (see partial list below) had been breached.
-http://bits.blogs.nytimes.com/2012/10/03/hackers-breach-53-universities-dump-thousands-of-personal-records-online/?elq=3c0a7e78ad19446eac41cc0334bf6d74&elqCampaignId=269
Add in Friday's story that personal information on 275,000 students and staff was taken at Florida State (and identity theft reported on 50 of the victims already), and you have a massive failure of security in the academic sphere. Even more interesting was the comment from the Team GhostShell hacker after breaching the servers: "When we got there, we found that a lot of them (university servers) already have malware injected." That means that the system administrators are not seeing the signs of infection (or not doing anything about the infections they uncover). The government nuclear energy laboratories have discovered a fascinating way to get all their system administrators and security staff to be much better at detecting system breaches and stopping the breach. SANS is experimenting with a few leading colleges to bring those same skills to the system administrators at colleges. We are looking for other colleges that want to participate in the consortium, beginning with a very cool webinar in a few weeks. Send expressions of interest to Scott Weil (sweil@sans.org).

Partial list of victims: Harvard University, Cambridge University, Stanford University, Princeton, Johns Hopkins, Imperial College London, University of Tokyo, University of Wisconsin, University of Pennsylvania, Cornell University, Kyoto University, University of Houston, New York University, University of Edinburgh, University of Pittsburgh, University of Maryland, University of British Columbia, University of Texas, University of Colorado, Duke University, Rutgers University, Manchester University, University of Florida, Moscow State University, Texas A&M, Boston University, McMaster University, Purdue University, Uppsala, Case Western University, Arizona State University, Nagoya University, University of Bristol, Ohio State, University of Melbourne, University of Oslo, University of Utah
************************************************************************

The Editorial Board of SANS NewsBites

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course.

William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.

Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was Vice President and Chief Security Officer for American Electric Power.

Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Alan Paller is director of research at the SANS Institute.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit https://www.sans.org/account/